This is in relation to the 2018 General Data Protection Regulation (GDPR).
Emma Leeson Massage (ELM) Limited is registered and compliant with Government-led guidelines from the Information Commissioner's Office (ICO);
"The UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals".
1. Information about Emma Leeson Massage (ELM) Limited
ELM is the abbreviated trading name of Emma Leeson Massage (ELM) Limited which is a registered limited company in the United Kingdom No.10543759.
ELM’s main trading address is:
2 The Parade
2. What is Personal Data?
Personal data is information relating to an identified or identifiable natural person, such as name, age, address, date of birth, gender and contact details.
Personal data may contain information that is known as ‘sensitive’ data.
This may be information relating to an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to or sexual orientation. Data relating to criminal convictions and offences is also considered sensitive data.
3. What information does ELM collect about you?
ELM collects information about you when you contact us first to use our services (whether by telephone, email or through our website booking form at www.elmassage.co.uk) and upon your first visit for treatment.
Upon signing the consultation form on your first treatment at ELM you are agreeing that ELM will keep your details confidential and abide by GDPR guidelines. You also agree that ELM can contact your via telephone, text message, email regarding your appointments and treatments with us. This also includes the occasional marketing/promotional update of our products, services and availability. An option to ‘opt out’ is always included if you would no longer like us to contact you.
We also send out seasonal Christmas and Birthday greetings cards with a discount voucher enclosed by post to the address you provided us with. Again there is an option on this material to ‘opt out’ of receiving postal items from us.
Personal data is collected such as:
Date of birth
Health conditions including allergies, medication and doses, history of; injuries, operations, illnesses
GP surgery details and other body treatments currently and previously received
Lifestyle covering an overview of: exercise, diet, sleep and stress levels
Information on current physical state (i.e. aches/pains/tension)
If you object to the collection and use of your personal data we may be unable to provide you with our services.
4. Section regarding COVID-19
With the uprise of the global pandemic 'Covid-19' in 2020, businesses have had to look into ways of changing and safely conducting their practices. Upon the reopening of Emma Leeson Massage (ELM) Limited after the first (of many) government-inputted 'Lockdown' periods, ELM are required to gather a small amount of new information from our clients.
The client will have to answer a few COVID-19 specific questions regarding their current health and possible exposure to the virus. They will then sign an online disclaimer form to confirm they are 'fit for treatment' in relation to the virus and its symptoms every time they visit.
ELM will be updating everyone's paperwork to check all health, contact details and medical information is up to date upon their first visit back with us post-lockdowns. This may be done in paper-form but also with the use of online questionnaires via my website www.elmassage.co.uk. As with new clients filling in the 'make an appointment' or 'contact form' tabs on ELM's website (see section 5); all information on the new tabs 'Covid-19 pre-treatment questionnaire' and 'client records update form' will be safely secure and sent to myself (Emma) only via email. I can keep these records in my emails and in paper form but will delete and shred personal information by client request or if and when the information is no longer required.
The government have launched their NHS Covid-19 Test and Trace app. The app is designed for people to download, track their symptoms, 'check in' to venues and businesses they attend with a QR code (ELM has a QR code). They will receive an 'alert' if somebody they have been in close proximity of has reported to have symptoms or diagnosis of COVID-19. This will require these people to self-isolate in order to prevent any potential spread of the virus and track the source.
I have downloaded this app myself as well as members of my household. I recommend my clients to do the same. If there happened to be an incident where COVID-19 was exposed into my circle of clients; there is a possibility I could be asked by the app to disclose information of people I have seen in a certain time scale to relevant authorities such as the government and NHS.
I would of course inform people if this is the case, add relevant literature to my consultation paperwork for signed approval and be vigilant that the source asking for information is of course genuine.
Hopefully this will be less unlikely to arise as we hope the virus and precautions to lower as time progresses but it is important enough to raise this new section as potential awareness.
The government have released a privacy statement about Track & Trace personal data and how it is used. For more information on this please click here.
Gov.uk NHS Covid-19 App:
"NHS Covid-19 app users can now share their venue history via the app with public health authorities if they test positive for coronavirus (COVID-19). This will be used to help other visitors to the venue to be warned that they may be at risk if multiple visitors have tested positive since visiting the venue. Venue names and details will not be shared in these alerts".
5. How will we use and store the information about you?
We collect information about you in order to ‘paint a picture’ of our client’s health and lifestyle to cater our treatments to the person’s individual needs and much as we possibly can. Importantly there is also a safety element knowing how to give treatment to the client. This is based on the health information they provide and being aware of any serious conditions that may affect the treatment. In this way we can improve the service you receive on repeat visits.
Our website www.elmassage.co.uk is simply a public informative platform for potential clients to find out about what we do. The information you supply on our online booking form has no public exposure and will be sent directly to our business email address: firstname.lastname@example.org which only I, Emma Leeson, the director of ELM, have secure password access to.
The information you provide will securely be stored in our business email account and once the client has attended their first session information will be hand written (then if the client wishes the email details can be deleted) on contact cards and the consultation form . These two documents are stored separately for security and identity protection.
The contact cards contain identity information including name, address, email, telephone number and dates client has attended treatments. The consultation forms contain the other information specified above about the person’s health and lifestyle and write up notes by me from the treatment performed.
For all my clients data I have a coded filing system so if there ever was a scenario where documents were put into the wrong hands (this will not happen) there wouldn’t be any correlation (apart from the coding and knowledge only I know of) as to who the notes are about.
All data is currently in paper form stored securely in a locked cabinet and locked room which only Emma Leeson, the director of ELM has key and lock access to. We do have future plans of setting up a digital back up of client information (this would be on a secure document on ELM’s business laptop with no online exposure) in the future at some point. We will inform you if and when we initiate this process.
Once we have your records, we will send you a confirmation message via text message (or other telephone applications if preferable i.e. WhatsApp©, Facebook© Messenger) the day before your scheduled appointment. We will then send you a courtesy message the following week post treatment to check how you are and confirm the dates/times of the next treatment booking.
If you object to ELM sending you confirmation messages it may be difficult for us to provide you with our services.
After your first treatment, you will receive a ‘welcome pack’ including information on treatment effects and after care advice, ELM promotional price list leaflet, ELM business card and ELM loyalty card.
ELM will not share your information with other people or organisations; it is purely in the safe hands of Emma Leeson Massage (ELM) Limited. Only with your consent or suggestion will we consult with other medical professionals you are treated by (i.e. GP or other medical/complementary therapists) if you/we feel it would benefit the treatment you are receiving.
We would like to occasionally send you updated information about our products and services. You would have consented to receive marketing messages by signing the consultation form on your first treatment which you may opt out of at any time. You have a right to stop us from contacting you for marketing purpose if you wish.
If you no longer wish to be contacted by ELM, please send us a text message with the word ‘STOP’ to 07756907378 or email email@example.com.
7. Data Retention
We will retain your personal data and continue to contact you for a period of three years after the date of your last treatment with us. You may opt out of this at any time. If you do not opt out and we do not treat you in three years we will automatically stop contacting you.
We will keep your consultation history notes and personal data still which will be securely stored. If you request for us to destroy your records we will obey. If nothing is said we will keep your documents and details for four years. If we still do not hear from you in four years we will then safely and securely shred your information.
8. Your Rights
These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:
The right to be informed about the personal data being processed;
The right of access to your personal data;
The right to object to the processing of your personal data;
The right to restrict the processing of your personal data;
The right to rectification of your personal data;
The right to erasure of your personal data;
The right to data portability (to receive an electronic copy of your personal data);
In rare instances we may need to retain your data for longer, for example if we are in or defending ourselves in a legal dispute as required by law or where evidence exists that future potential issues may occur.
9. Access to your Information and Correction
If you would like a copy of some or all of your personal information, please speak to Emma of ELM directly. As mandated by law we will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
11. How to Contact Us
If you are dissatisfied with any aspect of the way in which we process your personal data please contact us using the details above. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.
If you would like to see posts and updates from Emma Leeson Massage (ELM) Limited on social media please do search and follow us on:
I thoroughly hope you
enjoyed your treatment
with ELM and appreciate
Please feel free to
on our Testimonial page!
Follow ELM on socials by clicking on the icons below!